On 5/16/2012 8:59 PM, Chad M Stewart wrote: > > I can't figure out how to setup an additional content filter based on a > restriction class. I need a clue stick applied, gently I hope. :-) > > High level of my setup > > reload -- version 2.9.1, configuration /usr/local/etc/postfix > > Internet -> postscreen -> smtpd ---LMTP--> content filter on localhost:37726 > --SMTP--> postfix:10025. That all works no problem. What I want to > accomplish is on postfix:10025 have an additional content filter, but not for > all addresses, only those that are in a particular restriction class. > > > Relevant parts of config > > master.cf > #### > smtp inet n - n - 1 postscreen > smtpd pass - - y - - smtpd > -o content_filter=lmtp:localhost:37726 > dnsblog unix - - n - 0 dnsblog > tlsproxy unix - - n - 0 tlsproxy > # > # > ################### > localhost:10025 inet n - n - - smtpd > -o smtpd_milters= > -o > receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks > -o smtpd_helo_restrictions= > -o smtpd_client_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_recipient_restrictions=permit_mynetworks,reject > -o mynetworks=127.0.0.0/8,192.168.7.30 > -o smtpd_authorized_xforward_hosts=127.0.0.0/8 > > > What I've tried in main.cf is the following > > smtpd_restriction_classes = ultra_rc, high_rc, med_rc, low_rc, > discard_filter_rc > > discard_filter_rc = > sleep 2 > reject_invalid_hostname > reject_unknown_reverse_client_hostname > reject_non_fqdn_sender > reject_non_fqdn_recipient > reject_unknown_sender_domain > reject_unknown_recipient_domain > reject_unverified_recipient > reject_multi_recipient_bounce > reject_unauth_pipelining > check_policy_service unix:private/spf-policy > content_filter = smtp:localhost:10027
content_filter is not a valid argument in this context. You could replace it with an access table that returns "FILTER smtp:[127.0.0.1]:10027" when the input matches. Also note that content_filter and FILTER directives are not additive -- the last one applied is the one used. If you want to apply multiple filters, you will need to chain them in master.cf or use multiple postfix versions, basically add the access table that triggers the restriction class to one of the "-o smtpd_*_restrictions" of the 10025 listener, and then add another listener to receive the input from 10027. So the full path for mail with the extra filtering would be something like Internet -> postscreen -> smtpd ---LMTP--> content filter on localhost:37726 --SMTP--> postfix:10025--> filter:10027--> postfix:10029--> final delivery -- Noel Jones
